AMENDMENTS TO THE CLAIMS

Please amend claims 1 and 37 as shown in the listing of claims below. This 
Listing of Claims will replace all prior versions and listings of claims in the 
application. Added material is shown in underlined type, and deleted material is 
shown in strikeout type or within [[double brackets]]: 

Listing of Claims 

This listing of claims will replace all prior versions and listings of claims in the 
application: 

1. (Currently Amended) A system for controlling use of requested digital
content having usage rights associated therewith, said system comprising:

a server having digital content stored thereon;

a client computer having a standard application program including a rendering
engine capable of being accessed to render content;

a communications network coupled to said client and said server; and

a client side security module, separate from the rendering engine, which is
downloaded and included in said client computer, the security module being adapted
to be attached to the standard application program for enforcing security conditions
for accessing the rendering engine,

wherein the security module determines if the requested digital content
is protected content based upon the usage rights associated with the requested digital
content, and

wherein, if the requested digital content is protected content, the security
module intercepts a request to the rendering engine to render the protected digital
content, and

wherein, if the security module determines that the requested digital
content is protected content, the security module determines whether the requested to
allow a user to perform a requested function on the protected digital content based
upon the usage rights associated with the protected digital content, and responds to is

Docket No. 111325-000200
Serial No. 10/046,670

protected content, and grants or denies the request to render the perform the requested
function on the protected digital content based on the usage rights associated with the
protected digital content only if it is determined by the security module that the
requested digital content is protected content, and

wherein, if the security module determines that the requested digital
content is not protected content, the security module disengages from the rendering
engine.

2. (Previously Presented) A system as recited in claim 1, wherein the security 
conditions include the usage rights associated with the content. 

3. (Original) A system as recited in claim 2, wherein the usage rights specify a 
manner of use of the content and conditions for exercising the manner of use. 

4. (Original) A system as recited in claim 1, wherein said security module is 
operative to determine if said client computer is missing any security component 
software based on a predetermined configuration required for managing security of 
requested content and if said at least one client unit is missing any security component 
software based on said predetermined configuration, said security module is operative 
to provide said missing security component software to said client computer. 

5. (Previously Presented) A system as recited in claim 1, wherein if said 
security module determines that the request is not for protected content, the security 
module deactivates.

6. (Original) A system as recited in claim 1, wherein said server comprises 
plural server computers and said security module is operative to cause said client 
computer to exchange one or more keys with a first of said server computers to obtain 
a validation certificate, said validation certificate permitting said client computer to
securely communicate with a second of said server computers without any further
exchange of keys between said client computer and any of said server computers. 

7. (Original) A system as recited in claim 1, wherein said security module is 
operative to define a user interface of said standard application in accordance with 
parameters specified by said server. 

8. (Original) A system as recited in claim 1, wherein parameters comprise 
specifications describing at least one of buttons, colors, patterns, animations, menus, 
and tool bars. 

9. (Original) A system as recited in claim 1, wherein said security module is 
operative to superimpose a watermark based on client specific data on a image 
rendered by said rendering engine. 

10. (Original) A system as recited in claim 9, wherein the client specific 
data is unique to the standard application. 

11. (Original) A system as recited in claim 9, wherein the client specific
data is unique to the client computer. 

12. (Previously Presented) A system as recited in claim 1, further comprising a 
transaction aggregator system for managing transactions relating to document 
distribution and a server side security component that directs the client computer to 
the transaction aggregator to receive the client side security module in exchange for 
transmitting user information to the transaction aggregator when said client computer 
makes a request for content and when said client side security module is not installed 
in said client computer, and wherein said transaction aggregator validates said client 
computer, based on predetermined conditions, and wherein said client side security 
module is unique to thereby identify said client computer to said server and to permit
said server to report information relating to transactions with said client side computer
to said transaction aggregator. 

13. (Original) A system as recited in claim 12, wherein said request is a 
request for purchase of digital content, and said one or more requirements are 
purchase price and a manner of use of said digital content. 

14. (Original) A system as recited in claim 13, wherein said digital 
content comprises at least one of text, video, music, sound, and multimedia. 

15. (Original) A system as recited in claim 9, wherein said information 
relating to transactions included purchase price information and wherein said 
transaction aggregator tracks and accumulates said purchase price information for 
each client computer for a predetermined period of time. 

16. (Original) A system as recited in claim 15, wherein each transaction 
is a micro-transaction request which is accumulated by said content aggregator and the 
total value is transmitted to a credit card company at the end of each period. 

17. (Original) A system as recited in claim 12, wherein said server does 
not obtain the user information of said client computer. 

18. (Original) A system as recited in claim 1, wherein said server 
comprises a storage device containing a folder of embedded links to digital content 
and wherein the address of said folder is selected one of and to be difficult to 
ascertain, said security module being operative to provide information relating to at 
least one of the links when said client computer sends a request for content to said 
server and said security module indicates that that said client computer is authorized 
to access the content.

19. (Original) A system according to claim 18, wherein said digital
content is a chapter of a book, and said request is a request for renting said chapter of 
said book for a predetermined period of time. 

20. (Original) A system as recited in claim 1, wherein said security 
module creates a document containing references to the digital content and spawns a 
child instance of the rendering engine to render the document, and wherein said child 
instance of said rendering engine is operative to follow the references to retrieve 
content through an asynchronous protocol from a secured location. 

21. (Original) A system as recited in claim 20, wherein said secured
location is a trusted server system. 

22. (Original) A system as recited in claim 21, wherein said rendering
engine is a Web browser. 

23. (Original) A system as recited in claim 1, further comprising a 
trusted server system and wherein said security module is operative to check security 
information of executable code to be loaded on said client computer to ascertain if 
said executable code is certified for security and if said executable code is certified, 
permitting said executable code to be installed on said client computer and wherein if 
said executable code is not certified, said server contacts said trusted site to verify if 
said executable code is certified by said trusted site and permits said executable code 
to be installed on said client computer if said executable code is authorized. 

24. (Previously Presented) A system as recited in claim 12, wherein said 
security component is operative to encrypt first portions of data transferred from said 
server to said client computer while second portions of said data are sent to said client 
computer without any encryption, and wherein the ratio of the size of said first 
portions of said data stream to the total size of said data stream is less than a
predetermined maximum number and said ratio of the size of said first portions of said
data to the total size of said data is selected based on communication variables 
monitored by said security component. 

25. (Original) A system as recited in claim 24, wherein said 
communication variables comprise at least one of the total amount of data to be 
transferred, the communication network latency, and the communication speed. 

26. (Previously Presented) A system as recited in claim 12, wherein said 
security component is operative to look for a signature on a request from said client 
computer to said server and if the signature does not exist, to send a software agent 
from said server to said client computer, and wherein said software agent is operative 
to check said client computer to determine if said client computer is secured and the 
request is signed and returned to said server if said agent determines that said client 
computer is secured. 

27. (Original) A system as recited in claim 26, wherein said request is a 
URL request. 

28. (Previously Presented) A system as recited in claim 1, wherein said 
security module embeds all security information in a header of a document transmitted 
between said client computer and said server, said document having a body that does 
not contain security information for content in the document. 

29. (Original) A system as recited in claim 28, wherein said document is 
an HTML document. 

30. (Original) A system as recited in claim 1, wherein said security 
module is operative to check a request made by said client computer at two stages, a 
first stage filter checks if said request corresponds to a prohibited URL and a second
stage filter checks if said request corresponds to a prohibited directory, and wherein if
said request corresponds to a prohibited URL, or if said request corresponds to a 
prohibited directory, then said request is denied by said server. 

31. (Original) A system as recited in claim 30, wherein if said request is
denied by said server, said security module is operative to direct said client computer 
to present an appropriate access authorization before transferring content. 

32. (Previously Presented) A system as recited in claim 12, wherein in 
response to a request for said of least one document, said security component is 
operative to package a file having a filename extension and being in a predetermined 
format, said filename extension being indicative of a format different from the 
predetermined format but compliant with said rendering engine, said file including 
references to a program suitable for rendering content contained in said file, said 
references being compliant with said rendering engine, said rendering engine being 
operative to open the file and follow the references to obtain and install the program to 
thereby render the content. 

33. (Original) A system as recited in claim 32, wherein said 
predetermined format is HTML. 

34. (Original) A system as recited in claim 32, wherein said file contains 
content of a requested one of said documents. 

35. (Previously Presented) A system as recited in claim 12, wherein said 
security component is operative to return a token to said client computer in response 
to a request sent from said client computer to said server, said token including a time 
stamp indicating a length of time that an authentication signature is valid.

36. (Original) A system as recited in claim 1, wherein said server
comprises a plurality of related server computers. 

37. (Currently Amended) A method for controlling use of digital content 
having usage rights associated therewith, said method comprising: 

storing digital content on a server; 

requesting, over a communications network, the digital content from a client 
computer having a standard application program including a rendering engine capable 
of being accessed to render content; and 

enforcing security conditions for accessing the rendering engine with a client 
side security module, separate from the rendering engine, which is downloaded and 
included in said client computer, the security module being adapted to be attached to 
the standard application program for enforcing security conditions, 
wherein, said enforcing step comprises:

the security module intercepting a request to the rendering engine to 
render the digital content 

determining whether the requested digital content is protected content 
based upon the usage rights associated with the digital content; 

selectively the security module intercepting a request to the rendering 
engine to render the protected digital content, and granting or denying the request to
render the digital content based on the usage rights associated with the digital content 
only if it determined by the client side security module determines that the requested 
digital content is protected content; 

determining whether to allow a user to perform a requested function on 
the protected digital content based on the usage rights associated with the digital 
content if the client side security module determines that the requested digital content 
is protected content; 

responding to the request to allow a user to perform a requested function 
on the protected digital content based on the usage rights associated with the digital
content if the client side security module determines that the requested digital content
is protected content; and 

disengaging the client side security module from the rendering engine if 
the client side security module determines that the requested content is not protected 
content.

38. (Previously presented) A method as recited in claim 37, wherein the 
security conditions include the usage rights associated with the content. 

39. (Original) A method as recited in claim 38, wherein the usage rights 
specify a manner of use of the content and conditions for exercising the manner of 
use. 

40. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises determining if said client computer is missing any security component 
software based on a predetermined configuration required for managing security of 
requested content and if said at least one client unit is missing any security component 
software based on said predetermined configuration, providing said missing security 
component software to said client computer. 

41. (Previously Presented) A method as recited in claim 37, wherein said 
enforcing step comprises deactivating the security module if it is determined that the 
request is not for protected content. 

42. (Original) A method as recited in claim 37, wherein said server 
comprises plural server computers and said enforcing step comprises causing said 
client computer to exchange one or more keys with a first of said server computers to 
obtain a validation certificate, said validation certificate permitting said client 
computer to securely communicate with a second of said server computers without
any further exchange of keys between said client computer and any of said server
computers. 

43. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises defining a user interface of said standard application in accordance 
with parameters specified by said server. 

44. (Original) A method as recited in claim 37, wherein parameters 
comprise specifications describing at least one of buttons, colors, patterns, animations, 
menus, and tool bars. 

45. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises creating a client specific watermark based on client specific data and 
superimposing the client specific watermark on a image rendered by said rendering 
engine. 

46. (Original) A method as recited in claim 45, wherein the client 
specific data is unique to the standard application. 

47. (Original) A method as recited in claim 37, wherein the client 
specific data is unique to the client computer. 

48. (Previously Presented) A method as recited in claim 37, wherein said 
enforcing step comprises directing the client, with a server side security component, to 
a transaction aggregator system for managing transactions relating to document 
distribution to receive the client side security module in exchange for transmitting user 
information to the transaction aggregator when said client computer makes a request 
for content and when said client side security module is not installed in said client 
computer, and validating said client computer with said transaction aggregator based 
on predetermined conditions, and wherein said client side security module is unique to
thereby identify said client computer to said server and to permit said server to report
information relating to transactions with said client side computer to said transaction 
aggregator. 

49. (Original) A method as recited in claim 38, wherein said request is a 
request for purchase of digital content, and said one or more requirements are 
purchase price and a manner of use of said digital content. 

50. (Original) A method as recited in claim 49, wherein said digital 
content comprises at least one of text, video, music, sound, and multimedia. 

51. (Original) A method as recited in claim 48, wherein said information 
relating to transactions includes purchase price information and wherein said 
transaction aggregator tracks and accumulates said purchase price information for 
each client computer for a predetermined period of time. 

52. (Original) A method as recited in claim 51, wherein each transaction
is a micro-transaction request which is accumulated by said content aggregator and the 
total value is transmitted to a credit card company at the end of each period. 

53. (Original) A method as recited in claim 48, wherein said server does 
not obtain the user information of said client computer. 

54. (Original) A method as recited in claim 37, further comprising 
storing a folder of embedded links to digital content on said server and wherein the 
address of said folder is selected one of and to be difficult to ascertain, and wherein 
said enforcing step comprises providing information relating to at least one of the 
links when said client computer sends a request for content to said server and said 
security module indicates that that said client computer is authorized to access the 
content.

55. (Original) A method according to claim 54, wherein said digital
content is a chapter of a book, and said request is a request for renting said chapter of 
said book for a predetermined period of time. 

56. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises creating a document containing references to the digital content and 
spawning a child instance of the rendering engine to render the document, and 
retrieving content through an asynchronous protocol from a secured location with said 
child instance of said rendering engine by following the references to. 

57. (Original) A method as recited in claim 56, wherein said secured 
location is a trusted server method. 

58. (Original) A method as recited in claim 57, wherein said rendering 
engine is a Web browser. 

59. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises checking security information of executable code to be loaded on said 
client computer to ascertain if said executable code is certified for security and if said 
executable code is certified, permitting said executable code to be installed on said 
client computer and wherein if said executable code is not certified, contacting a 
trusted site to verify if said executable code is authorized by said trusted site and 
permitting said executable code to be installed on said client computer if said 
executable code is authorized. 

60. (Previously Presented) A method as recited in claim 48, wherein said 
enforcing step comprises encrypting first portions of data transferred from said server 
to said client computer while second portions of said data are sent to said client 
computer without any encryption, and wherein the ratio of the size of said first
portions of said data stream to the total size of said data stream is less than a
predetermined maximum number and said ratio of the size of said first portions of said 
data to the total size of said data is selected based on communication variables 
monitored by said security component. 

61. (Original) A method as recited in claim 60, wherein said
communication variables comprise at least one of the total amount of data to be 
transferred, the communication network latency, and the communication speed. 

62. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises looking for a signature on a request from said client computer to said 
server and if the signature does not exist, sending a software agent from said server to 
said client computer, and wherein said software agent is operative to check said client 
computer to determine if said client computer is secured and the request is signed and 
returned to said server if said agent determines that said client computer is secured. 

63. (Original) A method as recited in claim 62, wherein said request is a 
URL request. 

64. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises embedding all security information in a header of a document 
transmitted between said client computer and said server, said document having a 
body that does not contain security information for content in the document. 

65. (Original) A method as recited in claim 64, wherein said document is 
an HTML document. 

66. (Original) A method as recited in claim 37, wherein said enforcing 
step comprises a first checking step for determining if a request made by said client 
computer corresponds to a prohibited URL and a second checking step for
determining if said request corresponds to a prohibited directory, and wherein if said
request corresponds to a prohibited URL, or if said request corresponds to a prohibited 
directory, instructing said server to deny said request. 

67. (Original) A method as recited in claim 66, wherein said enforcing 
step further comprises directing said client computer to present an appropriate access 
authorization before transferring content if said request is denied by said server. 

68. (Original) A method as recited in claim 37, wherein said enforcing step 
comprises packaging a file having a filename extension and being in a predetermined 
format, said filename extension being indicative of a format different from the 
predetermined format but compliant with said rendering engine, said file including 
references to a program suitable for rendering content contained in said file, said 
references being compliant with said rendering engine, and opening the file with the 
rendering engine and following the references to obtain and install the program to 
thereby render the content. 

69. (Original) A method as recited in claim 68, wherein said predetermined 
format is HTML. 

70. (Original) A method as recited in claim 68, wherein said file contains 
content of a requested one of said documents. 

71. (Original) A method as recited in claim 70, wherein said enforcing step 
comprises returning a token to said client computer in response to a request sent from 
said client computer to said server, said token including a time stamp indicating a 
length of time that an authentication signature is valid. 

72. (Original) A method as recited in claim 37, wherein said server comprises a 
plurality of related server computers.

73. (Previously Presented) A system as recited in claim 1, further comprising:

an HTML document adapted to be rendered by Web browser in a secure
environment, said document comprising:

an HTML header defined between header tags; 
an HTML body containing content; and 

security information embedded in said header, said security information being 
associated with one or more usage rights for the content, 

wherein the HTML header, the HTML body, and the security information are 
delivered to a client computing system, and 

the client computing system interprets the security information and honors the 
usage rights while processing the HTML body and the HTML header. 

74. (Previously Presented) The system as recited in claim 73, wherein said 
body does not contain security information for content in the document. 

75. (Previously Presented) The system as recited in claim 74, wherein said 
security information is in the form of an attribute of said header. 

76. (Previously Presented) A system as recited in claim 1, wherein the security 
module is installed on the client computer separately from the standard application 
program. 

77. (Previously Presented) A system as recited in claim 1, wherein the security 
module is installed on the client computer at a different time than the standard 
application program. 

78. (Previously Presented) A method as recited in claim 37, wherein the 
security module is installed on the client computer separately from the standard 
application program.

79. (Previously Presented) A method as recited in claim 37, wherein the
security module is installed on the client computer at a different time than the standard 
application program.